RE: modifying a webpage

yours31f wrote:
From what I understand, he thinks if you dl a page you can edit it and send it back, and that is web hacking. I don't think he understands how servers work.

I know. However, I think you ALSO don't know how servers work. HTML has, actually, very little to nothing to do with editing files on another server.

Enjoy your standard "HTML-first" procedure while you can, asshat.

"The chowner of property." - Zeph

"Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term." - Carl Sagan

"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert

RE: modifying a webpage

Posted on 20-09-08 21:10

yours31f wrote:
From what I understand, he thinks if you dl a page you can edit it and send it back, and that is web hacking. I don't think he understands how servers work.

So, what does html have to do with web hacking?

@harry_potter28: Find a vulnerability, exploit it, upload the page.

Common vulnerabilities:

XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.

SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.

CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.

LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrator's code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.

Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrator's lack of thought. You can potentially find usernames and passwords for sql, etc. from configuration files.

That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.

RE: modifying a webpage

Posts: 586 | Location: He is back and he's bad! | Joined: 25.11.07 | Rank: Mad User

Posted on 20-09-08 21:56

hacker2k wrote:
Common vulnerabilities:

XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.

SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.

CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.

LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrator's code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.

Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrator's lack of thought. You can potentially find usernames and passwords for sql, etc. from configuration files.

That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.

Ok this description was vague, confusing, stupid and wrong. Please don't do this again and research these vulnerabilities in more depth. For instance cross-site scripting-->attacker injects code/script, which is then processed and executed by the server. Cross-site request forgery-->attacker embeds malicious request in a link/img etc. which is then executed by other user that visits the link/views the image, without even noticing it. SQL injection doesn't give you access to the sql server, but allows you to inject and execute your own sql queries. LFI allows you to view files on the server you found the exploit in. It could be used to get the passwd file from the server or view source of some pages ( this varies and depends on the extent of the exploit itself ), whereas RFI allows you to include and execute content ( most likely php ) on the remote server. Then you can get a shell on the server and upload files/backdoor. However this vulnerability is slowly dying off, since nowadays by the default installation of apache, remote file inclusion is restricted.

spyware - "They see me trollin'..."

<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

RE: modifying a webpage

Posted on 20-09-08 22:15

clone4 wrote:

hacker2k wrote:
Common vulnerabilities:

XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.

SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.

CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.

LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrator's code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.

Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrator's lack of thought. You can potentially find usernames and passwords for sql, etc. from configuration files.

That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.

Ok this description was vague, confusing, stupid and wrong. Please don't do this again and research these vulnerabilities in more depth. For instance cross-site scripting-->attacker injects code/script, which is then processed and executed by the server. Cross-site request forgery-->attacker embeds malicious request in a link/img etc. which is then executed by other user that visits the link/views the image, without even noticing it. SQL injection doesn't give you access to the sql server, but allows you to inject and execute your own sql queries. LFI allows you to view files on the server you found the exploit in. It could be used to get the passwd file from the server or view source of some pages ( this varies and depends on the extent of the exploit itself ), whereas RFI allows you to include and execute content ( most likely php ) on the remote server. Then you can get a shell on the server and upload files/backdoor. However this vulnerability is slowly dying off, since nowadays by the default installation of apache, remote file inclusion is restricted.

Your description of SQL, LFI, RFI, CSRF, are the same as mine. XSS is wrong though. The code that you inject is not executed by the server. It is executed by the browser that the client is using. LFI I had stated that it allowed you to read files on the server, however it isn't really of much use unless they are protecting a directory by .htpasswd. /etc/passwd shows you nothing since the password hashes are stored in /etc/shadow. RFI, I said you can get a shell, etc. It is most likely php, but it can also be in asp, etc. It depends on what language the page is in. As for CSRF, it depends on the privileges of the user. If the user is an administrator, you can edit information. SQL injection, yeah, you have access to the mysql server. Depending on where you found the vulnerability and what the script does gives you what you can do. I believe I said that in my description. If the server is MS SQL you can do shell commands with xp_cmshell (not sure if that's the command, have to look it up). You can use INTO OUTFILE which someone said in another post to create files and upload a shell through it (thanks again whoever posted that).

So, now, will you please tell me how my descriptions are stupid and wrong?
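The XSS point argued in the posts above (the server only copies the submitted string into its response; the browser is what executes it), shown from the defender's side. This is an added example, not code from the thread; the function names, the search-page template and the two sample inputs are constructed for illustration.

```javascript
// Added example. The server never runs the submitted string; it only places it
// in the HTML it sends back. Whether the browser then treats it as markup or
// script depends on whether the server encoded it for the output context.

// Encode the five characters that let text break out of HTML body text or a
// quoted attribute value. "&" goes first so later entities are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: request data is concatenated into the response as-is.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>` +
         `<input name="q" value="${query}">`;
}

// Hardened: same template, value encoded at the point of output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p>` +
         `<input name="q" value="${q}">`;
}

// Defence in depth: headers that stop inline script from running in the
// browser even if an encoding step is missed somewhere else.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed inputs: one opens a tag, one tries to close the attribute.
const samples = ['<script>alert(1)</script>', '" onfocus="alert(1)'];

// Render each sample through both templates so the outputs can be compared.
function report() {
  return samples.map((input) => ({
    input,
    unsafe: renderSearchUnsafe(input),
    safe: renderSearchSafe(input),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

`escapeHtml` covers HTML text and quoted attribute values only; values placed inside a `<script>` block, a URL attribute or CSS need encoding specific to that context.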

RE: modifying a webpage

You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.

Shut up, watch, learn. Both of you.

RE: modifying a webpage

Posted on 20-09-08 22:25

hacker2k wrote:
/etc/passwd shows you nothing since the password hashes are stored in /etc/shadow.

It lets you enumerate users.

I believe I said that in my description. If the server is MS SQL you can do shell commands with xp_cmdshell (corrected). You can use INTO OUTFILE which someone said in another post to create files and upload a shell through it (thanks again whoever posted that).

That was system... MySQL has load_file() to view files on the server as well (as an alternative to LFI).

Just throwing those small bits in there... please continue with the disagreement.

Edited by on 20-09-08 22:27

RE: modifying a webpage

Posted on 20-09-08 22:26

spyware wrote:
You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.

Shut up, watch, learn. Both of you.

Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic if you enlightened us.

@Zephyr: Hmm, yeah, didn't think about that. Maybe you could find like a test account or guest account of some sort on the server through that.

Edited by on 20-09-08 22:28

RE: modifying a webpage

hacker2k wrote:
Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic if you enlightened us.

Me? Me enlightening you? What have I to say that others haven't? I am merely an information carrier. What value will my words have, when I speak of what others have spoken? None. None at all.

I will NOT act as a bringer of information. Retriever of data. Supplier of text. Google seems happy with its job, and is good at it.

If you want to know stuff about webappsec, go ask RSnake and companions. However, if you behave there like you behave here, I see nothing but trouble on your path.

Consider yourselves warned.

RE: modifying a webpage

Posts: 586 | Location: He is back and he's bad! | Joined: 25.11.07 | Rank: Mad User

Posted on 20-09-08 22:35

spyware wrote:
You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.

Shut up, watch, learn. Both of you.

Point wasn't to define, but correct stated information, because it wasn't exactly right...

@OP: The thing you intend to do requires either to root the server the website is hosted on. For that you would need to scan the server for opened services and then be able to exploit them ( doubt you could ). You could also try social engineering on the admin and somehow get the password e.g. for ftp/ssh. Finally you can try this via web hacking, eg the aforementioned RFI. But from your post, I think it is safe to assume that you have very low knowledge of any of these, so if you really want to start to learn 'hacking' dig in here, read articles, programming etc. Use google, and forum to answer any further questions...

@hacker2k: Whatever, spy is right, I won't argue. If you want to finish this off, pm me

hacker2k wrote:
Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic if you enlightened us.

Wow that hurt a little haha well if you think so, go on and stay in your imagination land. End of story

this actually made me laugh out loud. I would but there literally is no point...

Edit: reaction to the post below, because I don't want to further hijack this thread and go on in this stupid flame.

Ha, yeah. I've googled, I just thought that since we are babbling and stupid and should "shut up, watch, and learn", you would like to tell us what we are mistaking. And, for your information, I'm not just some random moron that knows nothing, has no experience, etc. I've done SQL injections, XSS, CSRF, etc. with great success. Not very much set up yet, but here is what I've been up to: http://jonnycake.kicks-ass.net/hacks.php. Maybe those can also serve as examples of these vulnerabilities. My apologies for the RFI, though, I didn't screenshot it.

wow you've found couple of vulnerabilities on some websites, well congrats. My respect, will you be my mentor ?!

RE: modifying a webpage

Posted on 20-09-08 22:46

spyware wrote:

hacker2k wrote:
Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic if you enlightened us.

Me? Me enlightening you? What have I to say that others haven't? I am merely an information carrier. What value will my words have, when I speak of what others have spoken? None. None at all.

I will NOT act as a bringer of information. Retriever of data. Supplier of text. Google seems happy with its job, and is good at it.

If you want to know stuff about webappsec, go ask RSnake and companions. However, if you behave there like you behave here, I see nothing but trouble on your path.

Consider yourselves warned.

Ha, yeah. I've googled, I just thought that since we are babbling and stupid and should "shut up, watch, and learn", you would like to tell us what we are mistaking. And, for your information, I'm not just some random moron that knows nothing, has no experience, etc. I've done SQL injections, XSS, CSRF, etc. with great success. Maybe those can also serve as examples of these vulnerabilities. My apologies for the RFI, though, I didn't screenshot it.

@clone4: Nah, I don't do pms, don't help anyone else. I like to have information sitting on a forum where other people can see and hopefully won't make the same mistake whether or not I'm right.

Edit:
Reaction to above:
Lol, I was just saying that I actually know how to do this and basic vulnerabilities. He seemed to think that I was a retard that wanted to be an 31337 h4x0r. I'll take the link off if it's retarded. Oh, and it also shows that XSS is not executed by the server, it's executed by the client.

Edit2:
BTW, it was directed to spyware, not you.

Edit3:
Oh, btw, I think being able to find any vulnerabilities is great for someone of my age and with the small amount of time I have been learning (only about like 4-6 months of actual learning) and I'm actually getting paid to do this, I'm sure you can't say that (and say you've had success with the test).

Edited by on 20-09-08 23:08

RE: modifying a webpage

Posts: 586 | Location: He is back and he's bad! | Joined: 25.11.07 | Rank: Mad User

Posted on 20-09-08 23:54

wow how fucking cocky are you. No I'm not paid for anything, and yes I've probably been doing hacking longer, but who gives a shit how old are you or if you are paid for something ?! How do you even know I want to be paid for this, how do you know that I want to have a career within the computer security. I do this for fun, and I don't need approval of some little fuck like you are...

btw yes you were right about the xss ( string processed by server-->executed by browser ), see I can admit when I'm wrong, opposed to stubborn idiot like you
